My Firefox was hacked. How can I find out how?

I received an email that for all accounts, at first, seemed like it was only a phishing email. One problem. They sent it to a name/email combination that I ONLY used once-- with my Capital One Credit Card account. In the body they also cited our complete address (the one used for our Capital One account). I went to Capital One, and sure enough they had charged my card 3 times in the previous week. Capital One said they didn't hack my account with them. Mozilla Firefox is the ONLY browser I use with that account, so the only other possibility is Firefox.

HELP!

Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
You can try these free programs to scan for malware, which work with your existing antivirus software:
* [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner]
* [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware]
* [http://support.kaspersky.com/faq/?qid=208283363 TDSSKiller - AntiRootkit Utility]
* [http://www.surfright.nl/en/hitmanpro/ Hitman Pro]
* [http://www.eset.com/us/online-scanner/ ESET Online Scanner]
[http://windows.microsoft.com/MSE Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.
Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article.
Did this fix your problems? Please report back to us!

Norton is not foolproof. It can't hurt to use some other tools to check as well. Seeing as your credit card has already been stolen and illegitimately used, I'd say you should be throwing anything and everything you can at this problem to prevent further damage to your credit and finances in general.

Have you ever used a public WiFi connection to access that account?
How frequently do you change your password for that account?
Have you ever allowed someone else to use your PC in your own logon user account?

As far as the Norton Security Suite, is it capable of detecting a key logger or discovering a root-kit infection? Anti-virus applications usually aren't capable of handling Malware, either.

Helpful Reply

Were you storing the account password only in your head or did you save it in Firefox or in one of your extensions or in another password manager?

I'm not clear on how having the login compromised would lead to charges on your card, but I suppose someone with access to the account could extract the right information to use for purchases.

Question owner

The difference here is something fortunate that happened. Again, the email account and the name (my wife's) were ONLY used the one time in that combination, and that was to open the CC account. So while I understand, all things being equal... but I was able to narrow it down quickly, not to mention that Firefox is the ONLY browser I used to both look at the account and open it.

Helpful Reply

No, I haven't used a public area to access the account. I have a VERY secure Cisco router and the network is local only. No wifi access. The account was only 3 weeks old, which again helped to narrow it down immediately. No one has access to my computer at all.

Thanks for your thoughtful responses. Keep 'em coming!
Doc

Question owner

jscher2000 - Yes, Firefox did store it for me. Not in the master password product, but just the normal password fill program.

As far as your second point. I'm not exactly sure how it happened either. My first instinct was that they hacked into Cap One. Because the email had our correct name and email and physical address. To get into the account to get the password for the account, the only way is through Firefox, a keylogger, or malware, I guess. But I thought for sure that all the money I pay to Norton for extended security, because of my business interactions, that they would have something as relatively mundane as malware figured out and up to date. I don't know.

Thanks for your responses. Please continue to help me figure this out.

ANYONE, any thoughts on anything I could get from the email headers, IP tracing or the like?

And I don't mean about finding the person, I'll leave that to Cap One and the police-- I mean as far as being able to discover my vulnerability?

Question owner

Here was a link they wanted me to follow. I looked it up on whois and they certainly have been found out, but anyone able to read the link and tell me what it means? Here it is DO NOT FOLLOW IT!!!!!
'''DANGER DANGER DANGER DO NOT FOLLOW THE FOLLOWING LINK IT IS AN IDENTITY THIEF!!!!!!!!!!!!!!!!!!!!!!!!!!!'''
canadatravel(DOT)net/?rid=%68T%74%50://%2f%6a.%6d%50.%2f17NzCQD?yrvqkvovtncsltn
I put in the (dot) so that the link wouldn't be live.

Hi DocGrimwig, the portion of the URL after the ? is used by the web server to redirect your query to a site you don't want to visit (doctoroz-weightloss{dot}com). My security software blocks it.

But what is the connection between this link and your card??
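
The redirect parameter described in the reply above can be read without opening the link. The following Python sketch is an added example, not part of the original thread; it statically decodes the defanged URL exactly as posted, and the function and field names are assumptions of the example.

```python
import re
from urllib.parse import urlsplit, unquote

# The link quoted in the thread, kept defanged exactly as it was posted.
SAMPLE = "canadatravel(DOT)net/?rid=%68T%74%50://%2f%6a.%6d%50.%2f17NzCQD?yrvqkvovtncsltn"

# scheme, one or more slashes, then the authority (what a lenient browser parser accepts)
EMBEDDED_URL = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):/+([^/?#]+)")

def refang(text):
    """Undo (DOT)/{dot}/[.] defanging so the string parses; nothing is fetched."""
    for mark in ("(DOT)", "(dot)", "{dot}", "[.]"):
        text = text.replace(mark, ".")
    return text

def analyze_redirect(defanged):
    """Statically decode query parameters that carry a second URL."""
    url = refang(defanged)
    if "://" not in url.split("?", 1)[0]:
        url = "http://" + url  # the link was posted without a scheme
    outer = urlsplit(url)
    report = {"outer_host": outer.hostname, "redirects": []}
    for pair in outer.query.split("&"):
        name, _, raw = pair.partition("=")
        decoded = unquote(raw)
        match = EMBEDDED_URL.match(decoded)
        if not match:
            continue
        host = match.group(2).lower().rstrip(".")
        # Letters and digits never need percent-encoding; escaping them
        # only hides the target from simple string filters.
        needless = [e for e in re.findall(r"%[0-9A-Fa-f]{2}", raw)
                    if chr(int(e[1:], 16)).isalnum()]
        report["redirects"].append({
            "param": name,
            "decoded": decoded,
            "host": host,
            "cross_site": host != outer.hostname,
            "needless_escapes": len(needless),
            # A strict parser finds no host because of the extra slash.
            "strict_parser_host": urlsplit(decoded).hostname,
        })
    return report

if __name__ == "__main__":
    print(analyze_redirect(SAMPLE))
```

The decoded value points at a different host than the one shown in the visible link, which matches the reply's description of a redirect. Where that second hop finally lands cannot be determined by decoding alone.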

Question owner

The full text of the email is this:
[MY WIFE'S FULL NAME], Are you underwater? Sell your home fast. Get an immediate offer here: canadatravel(DOT)net/?rid=%68T%74%50://%2f%6a.%6d%50.%2f17NzCQD?yrvqkvovtncsltn
[OUR FULL ADDRESS WAS LOCATED HERE]
Of the 3 charges on our card, one of them was entitled this:
TWX CANADATRVL [A FAKE PHONE NUMBER] NY $2.00 (the amt of the charge)
OH and this is the Email from Address:
KarenxsWhitekw(at)roadrunner(DOT)com

Not sure what happened there. Did they have your email before charging your card? Wouldn't they prefer to just do it quietly instead of coming back for more?? Very odd.
* To report online financial crimes: [http://www.ic3.gov/default.aspx]
* To order your one-a-year-free credit report: [https://www.annualcreditreport.com/cra/index.jsp] (to verify that this site is legit, see: [http://www.consumer.ftc.gov/articles/0155-free-credit-reports] and [http://news.consumerreports.org/money/2008/02/review-your-cre.html])